Add signing and verification methods based on in-toto statements #193
@laurentsimon, @font and @mihaimaruseac this is the first part split out from #177. I started with it because it is a standalone part of the former change. I did not address any comments to make sure nothing is missed. Please be so kind and repost your comments here.
@susperius Thanks for splitting this out! I made a first pass and it generally looks really good. I made a few comments. The main one being that I think we should also offer a way to sign and upload to Sigstore's Rekor transparency log using an existing key instead of just the keyless option. What do you think?
Thank you for the PR. I think the main worry I have is that this uses too much tight coupling with sigstore and won't work with other use cases we are engaged with.
Signed-off-by: Martin Sablotny <msablotny@nvidia.com>
@mihaimaruseac and @laurentsimon what tooling do you use to create/update the requirement (lock) files?
We have a GitHub action: https://github.com/sigstore/model-transparency/actions/workflows/pin_deps.yml It can be manually triggered and the target branch could be set to a PR branch, but I have not tested it.
@mihaimaruseac what's the way forward with this pull request?
Hmm, let me check a couple of things. I'd like to have either this or the manifest progress by Wednesday meeting.
Let's go with this one first, the manifest work seems to need more time :(. Can you rebase this back on
Done
license gitignore newline add dependencies Signed-off-by: Martin Sablotny <msablotny@nvidia.com> deps
@mihaimaruseac friendly ping
Sorry, been ~OOO for the past 1.5 weeks. Hmm, there's a unit test failure, a module not found error. I'm ok with the PR, leaving to @laurentsimon for final review.
No worries! Hope I fixed the deps issue.
This is weird, we should not list the same dependency twice. Did you upgrade the frozen deps files?
I was surprised too. (AFAIU it's not possible for me to fix the deps since I'd need a system each don't I?)
I cannot run it on your fork repo. In your fork, you need to go to the "Pin dependencies" action (https://github.com/susperius/model-transparency/actions/workflows/pin_deps.yml) and trigger one run. It will create a PR on your fork against your main branch, merge that and then this will automatically update. But before you do that, you'll have to remove it from the duplicate
Ah ok, thanks!
Update frozen python dependencies
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
We can merge this PR and generalize / update the code w.r.t. manifest / raw signers in follow-up PRs.
Thanks @susperius again!
This PR adds functionality to sign and verify models with Sigstore, "Bring Your Own Key" and "Bring Your Own PKI".
The signing part expects an in-toto statement and returns a signed sigstore bundle with the appropriate verification material added.
The verification part takes a sigstore bundle as input and verifies the signature over the DSSE envelope payload.
This PR is split out from #177.